Domain Controller Firewall 1.3.4

Visit firewall.dsinternals.com for more details on this project.

The whitepaper has been slightly improved based on community feedback:

• Added a warning on RPC dynamic range restrictions by @rafalfitt in #12
• Updated StigViewer links by @Harvester57 in #13
• Added info on Zero Trust DNS (ZTDNS).
• Added a note on CVE-2025-29969: MS-EVEN RPC Remote Code Execution Vulnerability.

The DCFWTool contains a new CustomRules.Semperis.ps1 script that showcases firewall rules for Semperis Active Directory Forest Recovery (ADFR) and Semperis Directory Services Protector (DSP) agents.

Domain Controller Firewall 1.3.3

Visit firewall.dsinternals.com for more details on this project.

The whitepaper has been slightly improved based on community feedback. No changes have been made to the DCFWTool.

Domain Controller Firewall 1.3.2

Visit firewall.dsinternals.com for more details on this project.

The whitepaper has been slightly improved based on community feedback. No changes have been made to the DCFWTool.

Domain Controller Firewall 1.3.1

Visit firewall.dsinternals.com for more details on this project.

Only the Firewall Rule Merging section of the whitepaper has been expanded as part of this release. No changes have been made to the DCFWTool.

Domain Controller Firewall 1.3

This version of the DCFWTool and the accompanying whitepaper contain improvements based on customer feedback. Visit firewall.dsinternals.com for more details on this project.

Notable changes:

• Added the Port Scanning and expanded the System Reboots sections of the whitepaper.
• The Set-ADDSFirewallPolicy.ps1 script performs additional configuration file validations.
• The Update-ADDSFirewallPolicy.bat script now restarts the Netlogon service as well.
• Fixed a bug in the Undo-ADDSFirewallPolicy.bat script.

Domain Controller Firewall 1.2

This version of the DCFWTool and the accompanying whitepaper contain improvements based on customer feedback. Visit firewall.dsinternals.com for more details on this project.

Notable changes:

• Added the RestrictADWS configuration parameter.
• Added the Update-ADDSFirewallPolicy.bat script.
• Fixed some typos in the documentation.

Domain Controller Firewall 1.1

The DCFWTool and the accompanying whitepaper are now ready for production use. If interested, go to firewall.dsinternals.com for more details.

In this release, only the documentation has been slightly improved.

Domain Controller Firewall 1.0

The DCFWTool and the accompanying whitepaper are now ready for production use. If interested, go to firewall.dsinternals.com for more details.

Public Draft v0.9

The DCFWTool has these new capabilities:

• Added support for additional Windows Server roles, including WDS, WSUS, FSRM, IIS, DHCP, and NPS.
• The scripts now shows warning if the settings are not compliant with security standards.
• Improved support for multi-domain and multi-forest deployment.
• Implemented option to load external scripts with customer-specific firewall rules.

The whitepaper is now published at firewall.dsinternals.com, in addition to being available in the PDF format.

Public draft v0.8

Public draft (#1)